Callback handler that uses Java Security KeyStores to handle cryptographic callbacks. Allows for
specific key stores to be set for various cryptographic operations.

This handler requires one or more key stores to be set. You can configure them in your application context by using a
KeyStoreFactoryBean. The exact stores to be set depend on the cryptographic operations that are to be
performed by this handler. The table below shows the key store used for each operation:

| Cryptographic operation           | Key store used                  |
|-----------------------------------|---------------------------------|
| Certificate validation            | first keyStore, then trustStore |
| Decryption based on private key   | keyStore                        |
| Decryption based on symmetric key | symmetricStore                  |
| Encryption based on certificate   | trustStore                      |
| Encryption based on symmetric key | symmetricStore                  |
| Signing                           | keyStore                        |
| Signature verification            | trustStore                      |

Default key stores

If the symmetricStore is not set, it will default to the
keyStore. If the key or trust store is not set, this handler will use the standard Java mechanism to
load or create it. See loadDefaultKeyStore() and loadDefaultTrustStore().

Examples

For instance, if you want to use the KeyStoreCallbackHandler to validate incoming
certificates or signatures, you would use a trust store, like so:
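An added example of such a configuration (not the original Javadoc's listing), which goes one step further and also wires a key store for signing and decryption, following the table above. The fully qualified class names assume Spring-WS's XWSS module; the bean ids, file locations and `${...}` property placeholders are assumptions.

```xml
<!-- Added example. Bean ids, store locations and ${...} placeholders are assumptions;
     the placeholders need a property placeholder configurer in the same context. -->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans.xsd">

    <!-- Trust store: used for signature verification and encryption based on
         certificate, and consulted second during certificate validation. -->
    <bean id="trustStore"
          class="org.springframework.ws.soap.security.support.KeyStoreFactoryBean">
        <property name="location" value="classpath:truststore.jks"/>
        <property name="password" value="${truststore.password}"/>
    </bean>

    <!-- Key store: used for signing and decryption based on private key, and
         consulted first during certificate validation. -->
    <bean id="keyStore"
          class="org.springframework.ws.soap.security.support.KeyStoreFactoryBean">
        <property name="location" value="classpath:keystore.jks"/>
        <property name="password" value="${keystore.password}"/>
    </bean>

    <bean id="keyStoreHandler"
          class="org.springframework.ws.soap.security.xwss.callback.KeyStoreCallbackHandler">
        <!-- Set explicitly, so the handler does not fall back to the stores
             returned by loadDefaultTrustStore() / loadDefaultKeyStore(). -->
        <property name="trustStore" ref="trustStore"/>
        <property name="keyStore" ref="keyStore"/>
        <!-- Password of the private key entry; kept out of the XML itself. -->
        <property name="privateKeyPassword" value="${keystore.key.password}"/>
        <!-- No symmetricStore is set, so it defaults to the keyStore. -->
    </bean>
</beans>
```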

Handled callbacks

This class handles CertificateValidationCallbacks,
DecryptionKeyCallbacks, EncryptionKeyCallbacks, SignatureKeyCallbacks, and
SignatureVerificationKeyCallbacks. It throws an UnsupportedCallbackException for others.